In your multitenant container database (CDB) containing some pluggable databases (PDBs), you
execute the following commands in the root container:
Which two statements are true?
A. The C##ROLE1 role is created in the root database and all the PDBs.
B. The C##ROLE1 role is created only in the root database because the container clause is not used.
C. Privileges are granted to the C##A_ADMIN user only in the root database.
D. Privileges are granted to the C##A_ADMIN user in the root database and all PDBs.
E. The statement for granting a role to a user fails because the CONTAINER clause is not used.
Explanation:
* You can include the CONTAINER clause in several SQL statements, such as the CREATE USER, ALTER USER, CREATE ROLE, GRANT, REVOKE, and ALTER SYSTEM statements.
* CREATE ROLE with the (optional) CONTAINER clause:
/ CONTAINER = ALL
Creates a common role.
/ CONTAINER = CURRENT
Creates a local role in the current PDB.
while create role in 12c: “If the current container is a PDB and you omit this clause, then CONTAINER = CURRENT is the default. If you omit this clause and the current container is the root, then CONTAINER = ALL is the default.”
http://docs.oracle.com/cd/E16655_01/server.121/e17209/statements_6013.htm#SQLRF54313
So AD
)))
but while grant in 12c in root: “If you omit this clause, then CONTAINER = CURRENT is the default.”
http://docs.oracle.com/cd/E16655_01/server.121/e17209/statements_9013.htm#SQLRF55701
So AC )))
Correct answer is A and C.
Role will be created in root and all pdbs.
grant will be done only in root.
SQL> create role c##connect;
Role created.
SQL> 1
1* select role,con_id from cdb_roles where role='C##CONNECT'
SQL> /
ROLE       CON_ID
---------- ----------
C##CONNECT 1
C##CONNECT 4
C##CONNECT 3
SQL> grant create session to c##connect;
Grant succeeded.
SQL> select privilege,con_id from cdb_sys_privs where grantee='C##CONNECT';
PRIVILEGE                                CON_ID
---------------------------------------- ----------
CREATE SESSION                           1
SQL> revoke create session from C##CONNECT;
Revoke succeeded.
SQL> grant create session to c##connect container=all;
Grant succeeded.
SQL> select privilege,con_id from cdb_sys_privs where grantee='C##CONNECT';
PRIVILEGE                                CON_ID
---------------------------------------- ----------
CREATE SESSION                           1
CREATE SESSION                           4
CREATE SESSION                           3
Very nice
A – TRUE – WORK – check in lab
C – TRUE – grant work only on CDB – root – check in lab
SQL> create role c##c;
Role created.
SQL> grant create session to c##c;
Grant succeeded.
SQL> create user c##u;
create user c##u
*
SQL> create user c##u identified by a1;
User created.
SQL> grant c##c to c##u;
Grant succeeded.
SQL> exit
C:\Users\oracle>sqlplus c##u@pdb1
SQL*Plus: Release 12.1.0.1.0 Production on Mon Aug 4 12:22:12 2014
Copyright (c) 1982, 2013, Oracle. All rights reserved.
Enter password:
ERROR:
ORA-01045: user C##U lacks CREATE SESSION privilege; logon denied
C:\Users\oracle>sqlplus c##u/a1
SQL*Plus: Release 12.1.0.1.0 Production on Mon Aug 4 12:22:35 2014
Copyright (c) 1982, 2013, Oracle. All rights reserved.
Connected to:
Oracle Database 12c Enterprise Edition Release 12.1.0.1.0 - 64bit Production
With the Partitioning, OLAP, Advanced Analytics and Real Application Testing options
SQL>
Very nice
A- for create user command default value for container is ALL
C: for grant command the default value for container is current.
A and C
AC=OK
If you omit this clause, then CONTAINER = CURRENT is the default.
https://docs.oracle.com/database/121/SQLRF/statements_9013.htm#SQLRF01603
AC
A,C
The create role statement is issued from the root. The default for the root is CONTAINER=ALL; hence A is correct.
Privileges assigned to a common role are common privileges as long as CONTAINER=ALL is
specified and therefore are applied in all containers. If CONTAINER=ALL is not specified, the
privilege assigned to a common role is local.
SQL> GRANT priv TO c##_role CONTAINER=ALL;
This command shows a privilege granted commonly to a common role, and therefore usable in each of the PDBs.
SQL> GRANT priv TO c##Role2;
This command shows a privilege granted locally to a common role, and therefore usable only locally, i.e., only in the root.
Common roles can be created in the root container only.
Hence the answers are: A, C
This is a really tricky one.
For creating user default is CONTAINER = ALL
but for privileges grant, default is CONTAINER = CURRENT
A & C
AC
AC
AC
CONTAINER Clause
If the current container is a pluggable database (PDB):
Specify CONTAINER = CURRENT to locally grant a system privilege, object privilege, or role to a user or role. The privilege or role is granted to the user or role only in the current PDB.
If the current container is the root:
Specify CONTAINER = CURRENT to locally grant a system privilege, object privilege, or role to a common user or common role. The privilege or role is granted to the user or role only in the root.
Specify CONTAINER = ALL to commonly grant a system privilege, object privilege on a common object, or role, to a common user or common role.
If you omit this clause, then CONTAINER = CURRENT is the default.
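An added example, not part of the original thread or of Oracle's documentation: two audit queries that show where common roles actually carry privileges, which is the gap the CONTAINER defaults discussed above create. It assumes the default C## common prefix and a session in the root with SELECT access to the CDB_ views and V$CONTAINERS.

```sql
-- Added example: privilege audit for common roles in a 12c CDB.
-- Run from CDB$ROOT. Assumes common roles use the default C## prefix.

-- 1) System privileges held by each common role, per container.
--    COMMON = 'YES' means the grant was made with CONTAINER = ALL;
--    'NO' means it is a local grant that exists only in the listed container(s).
SELECT r.role,
       p.privilege,
       p.common AS granted_commonly,
       LISTAGG(c.name, ', ') WITHIN GROUP (ORDER BY c.con_id) AS containers
FROM   cdb_roles r
JOIN   cdb_sys_privs p
       ON  p.grantee = r.role
       AND p.con_id  = r.con_id
JOIN   v$containers c
       ON  c.con_id  = p.con_id
WHERE  r.common = 'YES'
AND    r.role LIKE 'C##%'
GROUP  BY r.role, p.privilege, p.common
ORDER  BY r.role, p.privilege;

-- 2) Who holds those common roles, and in which containers.
--    A role granted from the root without CONTAINER = ALL appears
--    only against CDB$ROOT with granted_commonly = 'NO'.
SELECT rp.grantee,
       rp.granted_role,
       rp.common AS granted_commonly,
       LISTAGG(c.name, ', ') WITHIN GROUP (ORDER BY c.con_id) AS containers
FROM   cdb_role_privs rp
JOIN   v$containers c
       ON  c.con_id = rp.con_id
WHERE  rp.granted_role LIKE 'C##%'
GROUP  BY rp.grantee, rp.granted_role, rp.common
ORDER  BY rp.grantee, rp.granted_role;
```

A common role whose rows show granted_commonly = NO and only CDB$ROOT is the situation that produced the ORA-01045 error in the lab session earlier in the thread.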